<html>
<head><meta charset="utf-8"><title>Safe access to volatile memory · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html">Safe access to volatile memory</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="174588949"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174588949" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174588949">(Aug 30 2019 at 22:55)</a>:</h4>
<p>Hi everyone... long time no see... I've been writing some unsafe code, which I thiiiiink is safe, but as always who knows?</p>



<a name="174589028"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174589028" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174589028">(Aug 30 2019 at 22:57)</a>:</h4>
<p>It's providing safe access to shared memory, which means that there could be attacker processes writing into the memory at arbitrary times, so taking <code>&amp;T</code> access is definitely UB for some <code>T</code>s (e,g. <code>&amp;usize</code> into shared memory is right out).</p>



<a name="174589038"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174589038" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174589038">(Aug 30 2019 at 22:57)</a>:</h4>
<p>I put all the unsafe code in one file, which will hopefully make it easier to nerd-snipe. <a href="https://github.com/asajeffrey/shared-data/blob/master/src/unsafe_code.rs" target="_blank" title="https://github.com/asajeffrey/shared-data/blob/master/src/unsafe_code.rs">https://github.com/asajeffrey/shared-data/blob/master/src/unsafe_code.rs</a></p>



<a name="174589125"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174589125" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174589125">(Aug 30 2019 at 22:59)</a>:</h4>
<p>One issue I'm aware of is that if the attacker can write <code>undef</code> values into shared memory, then we have UB, if <code>read_volatile</code> can read back the <code>undef</code>.</p>



<a name="174589470"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174589470" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174589470">(Aug 30 2019 at 23:07)</a>:</h4>
<p>But I think <code>read_volatile</code> can only produce defined values, not <code>undef</code>.</p>



<a name="174592106"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174592106" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174592106">(Aug 31 2019 at 00:04)</a>:</h4>
<p>this seems related to the question of whether int's can have undefined bits</p>



<a name="174593590"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174593590" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tom Phinney <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174593590">(Aug 31 2019 at 00:41)</a>:</h4>
<p><code>int</code> semantics is relevant here. If only some of the bits are undefined, it's clearly a bit-string or a packed <code>struct</code> and not an <code>int</code>. However if all of the bits are undefined it could be anything of that size.</p>



<a name="174605744"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174605744" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174605744">(Aug 31 2019 at 07:02)</a>:</h4>
<p><span class="user-mention" data-user-id="128323">@Alan Jeffrey</span> ah, you're opening that can of worms again ;)</p>



<a name="174605747"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174605747" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174605747">(Aug 31 2019 at 07:02)</a>:</h4>
<p>there's a loooong discussion on the subject at <a href="https://github.com/rust-lang/unsafe-code-guidelines/issues/152" target="_blank" title="https://github.com/rust-lang/unsafe-code-guidelines/issues/152">https://github.com/rust-lang/unsafe-code-guidelines/issues/152</a></p>



<a name="174605758"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174605758" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174605758">(Aug 31 2019 at 07:03)</a>:</h4>
<blockquote>
<p>But I think <code>read_volatile</code> can only produce defined values, not <code>undef</code>.</p>
</blockquote>
<p>in particular, for this part, I would like to agree -- but LLVM devs seem to think this is not worth stating, and I am reluctant to guarantee it for Rust if LLVM won't guarnatee it to us. See <a href="https://github.com/rust-lang/unsafe-code-guidelines/issues/152" target="_blank" title="https://github.com/rust-lang/unsafe-code-guidelines/issues/152">https://github.com/rust-lang/unsafe-code-guidelines/issues/152</a>.</p>



<a name="174605809"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174605809" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174605809">(Aug 31 2019 at 07:04)</a>:</h4>
<p>If LLVM had a <code>freeze</code> instruction we could just make the <code>read_volatile</code> intrinsic emit a load followed by a freeze and wouldnt not have to rely on LLVM specifying their stuff better... but alas, we've been waiting for <code>freeze</code> since forever</p>



<a name="174605864"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174605864" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174605864">(Aug 31 2019 at 07:06)</a>:</h4>
<p>oh and then of course there are all the concerns about having anything freeze-like in Rust, those would also have to be resolved before we can guarantee this. see e.g. <a href="https://github.com/rust-lang/rfcs/pull/837" target="_blank" title="https://github.com/rust-lang/rfcs/pull/837">https://github.com/rust-lang/rfcs/pull/837</a></p>



<a name="174605994"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174605994" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174605994">(Aug 31 2019 at 07:08)</a>:</h4>
<p>also I think treating <code>AtomicBool</code> as share-safe is plain wrong. After all, if this is shared with untrusted code, that code might write things to memory that are not a valid <code>bool</code></p>



<a name="174618273"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174618273" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174618273">(Aug 31 2019 at 13:38)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> you're not kidding, that is a long read!</p>



<a name="174618329"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174618329" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174618329">(Aug 31 2019 at 13:39)</a>:</h4>
<p>In this case, there's two ways to deal with <code>undef</code>, either stop the Rust code from reading it, or make the attacker model one which can't write it.</p>



<a name="174618380"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174618380" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174618380">(Aug 31 2019 at 13:40)</a>:</h4>
<p>It sounds like restricting the attacker model so they can't write <code>undef</code> is the easiest one to go for?</p>



<a name="174618396"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174618396" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174618396">(Aug 31 2019 at 13:41)</a>:</h4>
<blockquote>
<p><span class="user-mention silent" data-user-id="120791">RalfJ</span> you're not kidding, that is a long read!</p>
</blockquote>
<p>yeah... we should get better at having summaries of such discussions. not enough time for all the things that need doing :/</p>



<a name="174618439"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174618439" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174618439">(Aug 31 2019 at 13:42)</a>:</h4>
<blockquote>
<p>It sounds like restricting the attacker model so they can't write <code>undef</code> is the easiest one to go for?</p>
</blockquote>
<p>restricting the attacker is always the easier option, isn't it? ;)</p>



<a name="174618450"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174618450" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174618450">(Aug 31 2019 at 13:42)</a>:</h4>
<blockquote>
<blockquote>
<p>But I think <code>read_volatile</code> can only produce defined values, not <code>undef</code>.</p>
</blockquote>
<p>in particular, for this part, I would like to agree -- but LLVM devs seem to think this is not worth stating, and I am reluctant to guarantee it for Rust if LLVM won't guarnatee it to us. See <a href="https://github.com/rust-lang/unsafe-code-guidelines/issues/152" target="_blank" title="https://github.com/rust-lang/unsafe-code-guidelines/issues/152">https://github.com/rust-lang/unsafe-code-guidelines/issues/152</a>.</p>
</blockquote>
<p>sorry, that link should have been <a href="https://bugs.llvm.org/show_bug.cgi?id=42435" target="_blank" title="https://bugs.llvm.org/show_bug.cgi?id=42435">https://bugs.llvm.org/show_bug.cgi?id=42435</a></p>



<a name="174618467"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174618467" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174618467">(Aug 31 2019 at 13:44)</a>:</h4>
<p>Also, on <code>AtomicBool</code>, I had a look at the source, and it does sanitize reads to make sure they're bools (e.g. read x:u8 and return x!=0) but it may be that future versions of <code>AtomicBool</code> will change that?</p>



<a name="174618642"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174618642" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174618642">(Aug 31 2019 at 13:49)</a>:</h4>
<p>Goes and reads llvm docs... AFAICT if the attacker is any llvm program, then the attacker just spawns two threads, does concurrent writes into shared memory, and boom the shared memory is filled with undef. I think I'm going to ignore that :)</p>



<a name="174618651"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174618651" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174618651">(Aug 31 2019 at 13:50)</a>:</h4>
<p>Interesting that llvm is waker than all the hardware models, which (afaik) don't have <code>undef</code>.</p>



<a name="174619068"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174619068" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174619068">(Aug 31 2019 at 14:01)</a>:</h4>
<p>*weaker</p>



<a name="174619346"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174619346" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174619346">(Aug 31 2019 at 14:08)</a>:</h4>
<blockquote>
<p>Also, on <code>AtomicBool</code>, I had a look at the source, and it does sanitize reads to make sure they're bools (e.g. read x:u8 and return x!=0) but it may be that future versions of <code>AtomicBool</code> will change that?</p>
</blockquote>
<p>If it's not in the docs it is certainly not guaranteed</p>



<a name="174619348"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174619348" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174619348">(Aug 31 2019 at 14:08)</a>:</h4>
<p>also, even if we allow <code>undef</code> in ints, that sanitization would be UB if the value read is <code>undef</code></p>



<a name="174619413"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174619413" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174619413">(Aug 31 2019 at 14:10)</a>:</h4>
<blockquote>
<p>Interesting that llvm is waker than all the hardware models, which (afaik) don't have <code>undef</code>.</p>
</blockquote>
<p>true. but having such a form of "delayed UB value" is basically necessary in an optimizing IR. <a href="https://www.cs.utah.edu/~regehr/papers/undef-pldi17.pdf" target="_blank" title="https://www.cs.utah.edu/~regehr/papers/undef-pldi17.pdf">This paper</a> has a fairly good explanation.</p>



<a name="174619430"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174619430" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174619430">(Aug 31 2019 at 14:11)</a>:</h4>
<p>note: my <code>undef</code> above is Miri's <code>undef</code>; LLVM calls that <code>poison</code>.<br>
LLVM's <code>undef</code> is a mess that not even LLVM optmizations use correctly, so I am going to pretend that the proposal in said paper is implemented, so LLVM no longer has <code>undef</code>, it just has <code>poison</code>.</p>



<a name="174619571"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174619571" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174619571">(Aug 31 2019 at 14:15)</a>:</h4>
<p>Yes, for regular reads and writes, I can see why you need something like <code>undef</code>, but it's not obvious that's true for atomics.</p>



<a name="174619704"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/174619704" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#174619704">(Aug 31 2019 at 14:19)</a>:</h4>
<p>BTW, does anyone know if I'm reinventing the wheel here? Is there a crate that already does safe access to shared memory?</p>



<a name="175747985"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175747985" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175747985">(Sep 15 2019 at 13:02)</a>:</h4>
<blockquote>
<p>Yes, for regular reads and writes, I can see why you need something like <code>undef</code>, but it's not obvious that's true for atomics.</p>
</blockquote>
<p>atomics can be replaced by non-atomic accesses if the compiler can determine that they are only used in a single thread</p>



<a name="175748028"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175748028" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175748028">(Sep 15 2019 at 13:02)</a>:</h4>
<p>so, we have to be able to deal with them yieldung <code>undef</code>/<code>poison</code> as well</p>



<a name="175748032"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175748032" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175748032">(Sep 15 2019 at 13:02)</a>:</h4>
<p><span class="user-mention" data-user-id="128323">@Alan Jeffrey</span> ^</p>



<a name="175751556"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175751556" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175751556">(Sep 15 2019 at 14:31)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> the compiler is allowed to replace atomics by non-atomics?????? Argh, is there a way to stop that?</p>



<a name="175751666"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175751666" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175751666">(Sep 15 2019 at 14:34)</a>:</h4>
<p>In particular, for shared memory, unless the compiler is related to keep track of which memory may be shared with other processes?</p>



<a name="175751683"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175751683" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175751683">(Sep 15 2019 at 14:35)</a>:</h4>
<p>(I'm guessing that is under-spec'd, since that seems to be the state of most relaxed models wrt shared memory.)</p>



<a name="175783320"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175783320" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175783320">(Sep 16 2019 at 05:02)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> By what means can the compiler know that?</p>



<a name="175790683"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175790683" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175790683">(Sep 16 2019 at 07:53)</a>:</h4>
<p>One possibilities is if the compiler can find out where the object being accesses atomically was allocated and determine that its address does not escape to any place where it might become available to other threads. (Or for a simpler version,, the address just isn't captured at all, period.)</p>



<a name="175792000"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175792000" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175792000">(Sep 16 2019 at 08:13)</a>:</h4>
<p><span class="user-mention" data-user-id="124289">@rkruppe</span> <span class="user-mention" data-user-id="120791">@RalfJ</span> do we have a minimal example that shows this at work ?</p>



<a name="175792250"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175792250" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175792250">(Sep 16 2019 at 08:16)</a>:</h4>
<p>IIRC LLVM does not actually do that currently, it's just allowed under as-if rule</p>



<a name="175792535"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175792535" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175792535">(Sep 16 2019 at 08:21)</a>:</h4>
<p>LLVM does completely eliminate atomic loads in some cases</p>



<a name="175793243"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175793243" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175793243">(Sep 16 2019 at 08:33)</a>:</h4>
<p>But even for something as simple as: <a href="https://play.rust-lang.org/?version=nightly&amp;mode=release&amp;edition=2018&amp;gist=0f1e25e488323bd2d9be740397ce1095" target="_blank" title="https://play.rust-lang.org/?version=nightly&amp;mode=release&amp;edition=2018&amp;gist=0f1e25e488323bd2d9be740397ce1095">https://play.rust-lang.org/?version=nightly&amp;mode=release&amp;edition=2018&amp;gist=0f1e25e488323bd2d9be740397ce1095</a> no interesting optimizations happen (e.g. I'd expect that to be optimized to just <code>exit(43)</code>.</p>



<a name="175798104"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175798104" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175798104">(Sep 16 2019 at 09:51)</a>:</h4>
<blockquote>
<p>(I'm guessing that is under-spec'd, since that seems to be the state of most relaxed models wrt shared memory.)</p>
</blockquote>
<p>well, it's not a specs role to say "the compiler may do this or that transformation". the spec describes possible program behaviors, and then the compiler can do whatever it wants as long as it doesnt make the program do anything the spec doesn't let it do.</p>



<a name="175798189"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175798189" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175798189">(Sep 16 2019 at 09:53)</a>:</h4>
<blockquote>
<p><span class="user-mention silent" data-user-id="120791">RalfJ</span> By what means can the compiler know that?</p>
</blockquote>
<p>trivial case:</p>
<div class="codehilite"><pre><span></span><span class="k">fn</span> <span class="nf">foo</span><span class="p">()</span><span class="w"> </span>-&gt; <span class="kt">u32</span> <span class="p">{</span><span class="w"></span>
<span class="w">  </span><span class="kd">let</span><span class="w"> </span><span class="n">x</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">AtomicU32</span>::<span class="n">new</span><span class="p">(</span><span class="mi">14</span><span class="p">);</span><span class="w"></span>
<span class="w">  </span><span class="n">x</span><span class="p">.</span><span class="n">load</span><span class="p">(</span><span class="n">Ordering</span>::<span class="n">SeqCst</span><span class="p">)</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</pre></div>


<p>this can be optimized to just return 14. the way that happens is that the atomic-load can first become non-atomic (a non-trivial transformation since the compiler has to prove that this does not remove synchronizes-with edges!), and then it's plain load forwarding.</p>



<a name="175798210"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175798210" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175798210">(Sep 16 2019 at 09:53)</a>:</h4>
<p><span class="user-mention" data-user-id="239881">@Josh Triplett</span> more generally speaking, if <code>foo</code> did a hole bunch of stuff but the compiler could tell that all accesses to <code>x</code> come from the same thread, it can just make them all non-atomic.</p>



<a name="175798254"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175798254" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175798254">(Sep 16 2019 at 09:54)</a>:</h4>
<blockquote>
<p>trivial case:</p>
</blockquote>
<p>I saw that case, but the moment I add a write, all optimizatons are disabled :/</p>



<a name="175798308"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175798308" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175798308">(Sep 16 2019 at 09:54)</a>:</h4>
<blockquote>
<p>(I'm guessing that is under-spec'd, since that seems to be the state of most relaxed models wrt shared memory.)</p>
</blockquote>
<p><span class="user-mention" data-user-id="128323">@Alan Jeffrey</span> what <em>is</em> under-spec'd is the "open" case -- like, having a part of a program that gets composed with some other unknown code and then saying what the heck is going on. that's a genuinely hard research problem even for languages much simpler than C or Rust.</p>



<a name="175798324"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175798324" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175798324">(Sep 16 2019 at 09:54)</a>:</h4>
<blockquote>
<blockquote>
<p>trivial case:</p>
</blockquote>
<p>I saw that case, but the moment I add a write, all optimizatons are disabled :/</p>
</blockquote>
<p>I am not talking about what LLVM <em>does</em> (I have no idea of the status there), but what it is <em>allowed to do</em></p>



<a name="175798450"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175798450" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175798450">(Sep 16 2019 at 09:57)</a>:</h4>
<blockquote>
<p><span class="user-mention silent" data-user-id="120791">RalfJ</span> the compiler is allowed to replace atomics by non-atomics?????? Argh, is there a way to stop that?</p>
</blockquote>
<p>de jure? no, if the compiler understands what your code is doing (or thinks it does...) then it can do whatever it wants as long as the code still does the same thing <em>when viewed from the abstract machine</em>. so, you'd need something like volatile to be able to "plug in" hardware-level reasoning. LLVM has "atomic volatile" operations, so maybe those would help here.<br>
de facto, if the address of an atomic gets leaked to unknown code that is never optimized together (including via xLTO), the compiler has no way to prove that the atomic is <em>not</em> used from multiple threads, so it cannot remove the optimizations.<br>
but really, if you want to reason outside of the abstract machine, volatile should come in. that is <em>exactly</em> what it is made for.</p>



<a name="175798534"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175798534" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175798534">(Sep 16 2019 at 09:58)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> writes here work too: <a href="https://rust.godbolt.org/z/m_iP1f" target="_blank" title="https://rust.godbolt.org/z/m_iP1f">https://rust.godbolt.org/z/m_iP1f</a></p>
<blockquote>
<p>I am not talking about what LLVM does (I have no idea of the status there), but what it is allowed to do</p>
</blockquote>
<p>I think we all agree that it is allowed to do these optimizations. My question was if it was specifically already doing them in some cases, since from <span class="user-mention" data-user-id="124289">@rkruppe</span> comment I got the impression that it was not.</p>



<a name="175823607"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175823607" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175823607">(Sep 16 2019 at 15:35)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> \</p>



<a name="175823621"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175823621" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175823621">(Sep 16 2019 at 15:35)</a>:</h4>
<blockquote>
<p>LLVM has "atomic volatile" operations,</p>
</blockquote>



<a name="175823660"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175823660" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175823660">(Sep 16 2019 at 15:35)</a>:</h4>
<p>does Rust have a way of using them?</p>



<a name="175824004"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175824004" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175824004">(Sep 16 2019 at 15:38)</a>:</h4>
<p>no</p>



<a name="175830940"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175830940" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175830940">(Sep 16 2019 at 16:57)</a>:</h4>
<p>but we've had proposals before to make <code>read_volatile</code> and <code>write_volatile</code> atomic (with the weakest "unordered" ordering)</p>



<a name="175830953"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175830953" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175830953">(Sep 16 2019 at 16:57)</a>:</h4>
<p>the issue here is tearing -- volatile accesses can tear, atomic accesses can not</p>



<a name="175830964"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175830964" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175830964">(Sep 16 2019 at 16:57)</a>:</h4>
<p>the thing is, when you use volatile for MMIO you dont want tearing</p>



<a name="175831017"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175831017" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175831017">(Sep 16 2019 at 16:58)</a>:</h4>
<p>so we need to solve this one way or another either way. just noone is pushing for a solution ATM.</p>



<a name="175840170"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175840170" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175840170">(Sep 16 2019 at 18:44)</a>:</h4>
<p>there was also the idea of providing intrinsics that are guaranteed not to tear</p>



<a name="175840185"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175840185" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175840185">(Sep 16 2019 at 18:44)</a>:</h4>
<p>since whether volatile load / stores tear in LLVM is... unspecified at best</p>



<a name="175840194"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175840194" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175840194">(Sep 16 2019 at 18:44)</a>:</h4>
<p>at least, i don't know of any way to query that</p>



<a name="175840293"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175840293" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175840293">(Sep 16 2019 at 18:45)</a>:</h4>
<p>yes. seems like a natural choice then for the compiler to provide "unordered" atomic volatile intrinsics that cannot tear, and do the rest in libstd?</p>



<a name="175840405"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175840405" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175840405">(Sep 16 2019 at 18:46)</a>:</h4>
<p>not sure what the status of "atomic memcpy/memset" is, but that could have a volatile variant as well (with tearing specified the same way as it is for the atomic variant)</p>



<a name="175840547"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175840547" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175840547">(Sep 16 2019 at 18:48)</a>:</h4>
<p>there is <a href="https://github.com/rust-lang-nursery/compiler-builtins/pull/311" target="_blank" title="https://github.com/rust-lang-nursery/compiler-builtins/pull/311">https://github.com/rust-lang-nursery/compiler-builtins/pull/311</a></p>



<a name="175840587"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175840587" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175840587">(Sep 16 2019 at 18:48)</a>:</h4>
<p>so the various memcpy/memset variants all explicitly specify their tearing. we could have the same for volatile. the only question then is how to implement the existing interface that works for any type.</p>



<a name="175840629"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175840629" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175840629">(Sep 16 2019 at 18:49)</a>:</h4>
<p>in terms of avoiding API duplication, it might make sense to have <code>Ordering::Volatile</code>, so that all the existing atomic APIs can just also be used here.</p>



<a name="175840956"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175840956" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175840956">(Sep 16 2019 at 18:52)</a>:</h4>
<p>FWIW i wouldn't try to do that</p>



<a name="175840986"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175840986" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175840986">(Sep 16 2019 at 18:52)</a>:</h4>
<p>At least, until we find an use case for volatile operations with tearing</p>



<a name="175841020"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175841020" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175841020">(Sep 16 2019 at 18:53)</a>:</h4>
<p>I think it would be sufficient to provide the <code>Ordering::UnorderedVolatile</code> for those atomic operations that cannot tear, and have those be unordered+volatile</p>



<a name="175841140"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175841140" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175841140">(Sep 16 2019 at 18:54)</a>:</h4>
<p>On a platform where those would tear, they should just fail to compile, just like we do for atomics</p>



<a name="175841197"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175841197" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175841197">(Sep 16 2019 at 18:55)</a>:</h4>
<p>If someone finds out an use case for tearing, they can always at least emulate it on top of non-tearing accesses</p>



<a name="175841219"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175841219" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175841219">(Sep 16 2019 at 18:55)</a>:</h4>
<p>And we could add support for that in the future if we wanted</p>



<a name="175841412"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175841412" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175841412">(Sep 16 2019 at 18:57)</a>:</h4>
<blockquote>
<p>At least, until we find an use case for volatile operations with tearing</p>
</blockquote>
<p>we have to support the current <code>read_volatile</code>/<code>write_volatile</code> methods, which in general require tearing</p>



<a name="175841461"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175841461" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175841461">(Sep 16 2019 at 18:57)</a>:</h4>
<p>so we already do support volatile-with-tearing. when we get atomic-with-tearing, we might as well make it support volatile as well.</p>



<a name="175848373"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175848373" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175848373">(Sep 16 2019 at 20:18)</a>:</h4>
<p>atomic-with-tearing does not make sense to me</p>



<a name="175848375"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175848375" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175848375">(Sep 16 2019 at 20:18)</a>:</h4>
<p>atomic is the opposite of tearing</p>



<a name="175848384"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175848384" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175848384">(Sep 16 2019 at 20:19)</a>:</h4>
<p>as in, either an operation is atomic, or it tears</p>



<a name="175848395"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175848395" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175848395">(Sep 16 2019 at 20:19)</a>:</h4>
<p>but it can't be both at the same time</p>



<a name="175853044"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175853044" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175853044">(Sep 16 2019 at 21:10)</a>:</h4>
<p>Do we need <code>SeqCstVolatile</code>, <code>AqVolatile</code>, <code>RelVolatile</code> and <code>AqRelVolatile</code> too? We'll need something stronger than <code>UnorderedVolatile</code> if we want happens-before to propogate between processes as well as threads.</p>



<a name="175853090"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175853090" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175853090">(Sep 16 2019 at 21:11)</a>:</h4>
<p>Or alternatively, can we make <code>SeqCst</code> use <code>VolatileSeqCst</code> under the hood? (and ditto <code>AqRel</code> and friends)</p>



<a name="175890115"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175890115" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175890115">(Sep 17 2019 at 09:37)</a>:</h4>
<blockquote>
<p>Or alternatively, can we make SeqCst use VolatileSeqCst under the hood? (and ditto AqRel and friends)</p>
</blockquote>
<p>I don't think so. This would disable pretty much all optimizations on atomic operations.</p>



<a name="175890135"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175890135" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175890135">(Sep 17 2019 at 09:37)</a>:</h4>
<blockquote>
<p>Do we need SeqCstVolatile, AqVolatile, RelVolatile and AqRelVolatile too? We'll need something stronger than UnorderedVolatile if we want happens-before to propogate between processes as well as threads.</p>
</blockquote>
<p>Probably.</p>



<a name="175890142"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175890142" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175890142">(Sep 17 2019 at 09:37)</a>:</h4>
<p>Volatile is orthogonal to the ordering</p>



<a name="175890225"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175890225" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175890225">(Sep 17 2019 at 09:38)</a>:</h4>
<p>and just means that the load / store has unobservable side-effects and must happen just as the code was written (e.g. two subsequent relaxed loads can be merged, but two subsequent volatile relaxed loads cannot).</p>



<a name="175906887"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175906887" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175906887">(Sep 17 2019 at 13:40)</a>:</h4>
<p><span class="user-mention" data-user-id="132920">@gnzlbg</span> Yeah, I was mainly thinking about <code>SeqCst</code>. I don't think there are many valid optimizations we'd lose, the ones I know of are the ones which need (e.g.) escape analysis to ensure no concurrent access.</p>



<a name="175906960"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175906960" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175906960">(Sep 17 2019 at 13:41)</a>:</h4>
<p>The reason for asking is that I'm not sure at this late date that we'll be able to add any more cases to <code>Ordering</code>, since that'd be a breaking change.</p>



<a name="175907873"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/175907873" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#175907873">(Sep 17 2019 at 13:50)</a>:</h4>
<p>Many of the optimizations discussed in <a href="https://jfbastien.github.io/no-sane-compiler/#/32" target="_blank" title="https://jfbastien.github.io/no-sane-compiler/#/32">https://jfbastien.github.io/no-sane-compiler/#/32</a> are valid for SeqCst and don't need escape analysis</p>



<a name="176046721"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/176046721" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#176046721">(Sep 18 2019 at 21:06)</a>:</h4>
<blockquote>
<p>as in, either an operation is atomic, or it tears</p>
</blockquote>
<p>well there are atomic menset and atomic memcpy. so... I think you are wrong.</p>



<a name="176046784"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/176046784" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#176046784">(Sep 18 2019 at 21:07)</a>:</h4>
<blockquote>
<p>We'll need something stronger than UnorderedVolatile if we want happens-before to propogate between processes as well as threads.</p>
</blockquote>
<p>what synchronization do you want to propagate to untrusted code? that's a first.</p>



<a name="176054530"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/176054530" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> comex <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#176054530">(Sep 18 2019 at 23:07)</a>:</h4>
<p>not a first :) <a href="https://internals.rust-lang.org/t/add-volatile-operations-to-core-x86-64/10480/18?u=comex" target="_blank" title="https://internals.rust-lang.org/t/add-volatile-operations-to-core-x86-64/10480/18?u=comex">https://internals.rust-lang.org/t/add-volatile-operations-to-core-x86-64/10480/18?u=comex</a></p>



<a name="176073729"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/176073729" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#176073729">(Sep 19 2019 at 06:53)</a>:</h4>
<p>well see my reply there. I dont see why this would need volatile.</p>



<a name="176073770"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/176073770" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#176073770">(Sep 19 2019 at 06:54)</a>:</h4>
<p>volatile is for "I want to reason based on assembly-level memory accesses"</p>



<a name="177165402"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177165402" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177165402">(Oct 02 2019 at 16:12)</a>:</h4>
<p>Oh, and more fun, AFAICT there's no way to stop another process from truncating your shared memory file at any point, causing a SIGBUS if you access it. <a href="https://github.com/asajeffrey/shared-data/issues/7" target="_blank" title="https://github.com/asajeffrey/shared-data/issues/7">https://github.com/asajeffrey/shared-data/issues/7</a></p>



<a name="177165846"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177165846" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177165846">(Oct 02 2019 at 16:17)</a>:</h4>
<p>So is there any way to use shared memory safely in Rust? Maaaaybe by putting down a SIGBUS signal handler that tears down the current thread, though I suspect this would mean not even running panic or drop code.\</p>



<a name="177171303"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177171303" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177171303">(Oct 02 2019 at 17:15)</a>:</h4>
<p>You are not guaranteed any particular signal, I think.</p>



<a name="177171405"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177171405" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177171405">(Oct 02 2019 at 17:16)</a>:</h4>
<p>on linux you want a sealed memfd</p>



<a name="177171487"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177171487" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177171487">(Oct 02 2019 at 17:17)</a>:</h4>
<p>specifically you can prevent memfd from being resized by placing a seal on it.</p>



<a name="177171627"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177171627" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177171627">(Oct 02 2019 at 17:18)</a>:</h4>
<p>reading manpages, it seems like you should be able to seal regular files too</p>



<a name="177171681"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177171681" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177171681">(Oct 02 2019 at 17:19)</a>:</h4>
<p>Ah no, you cannot:</p>
<blockquote>
<p>Currently, file seals can be applied only to a file descriptor returned by memfd_create(2) (if the MFD_ALLOW_SEALING was employed). On other filesystems, all fcntl() operations that operate on seals will return EINVAL.</p>
</blockquote>



<a name="177257096"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177257096" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177257096">(Oct 03 2019 at 15:42)</a>:</h4>
<p><span class="user-mention" data-user-id="123586">@nagisa</span> Yeah, on Linux it seems like sealed memfd is the way to go; I wonder what the equivalent is on other OSs?</p>



<a name="177257418"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177257418" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177257418">(Oct 03 2019 at 15:46)</a>:</h4>
<p>Not sure, I haven’t looked in what options there are elsewhere; I bet on Windows you can just do an exclusive lock for that kind of operation on a filesystem file as well.</p>



<a name="177257684"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177257684" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177257684">(Oct 03 2019 at 15:49)</a>:</h4>
<p><span class="user-mention" data-user-id="123586">@nagisa</span> yes, though it depends on the permission system as to whether you can hand out write permission but not truncate permission.</p>



<a name="177257886"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177257886" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177257886">(Oct 03 2019 at 15:51)</a>:</h4>
<p>On BSDs you might be able to set a append-only flag: <a href="https://man.openbsd.org/FreeBSD-11.1/chflags.2" target="_blank" title="https://man.openbsd.org/FreeBSD-11.1/chflags.2">https://man.openbsd.org/FreeBSD-11.1/chflags.2</a>, though not sure if that allows mutating the already written data.</p>



<a name="177258044"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177258044" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177258044">(Oct 03 2019 at 15:53)</a>:</h4>
<p>Yes, but that makes the current contents immutable :(</p>



<a name="177258120"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177258120" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177258120">(Oct 03 2019 at 15:54)</a>:</h4>
<p>But coming back to the original question: I would indeed not consider it to be a part of attacker model. What hebaviour you get here seems dependent on the kernel that the code is running on too</p>



<a name="177258159"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177258159" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177258159">(Oct 03 2019 at 15:54)</a>:</h4>
<p>i.e. linux may guarantee a sigbus, but  I can imagine a bad kernel just returning garbage <span aria-label="slight smile" class="emoji emoji-1f642" role="img" title="slight smile">:slight_smile:</span></p>



<a name="177258184"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177258184" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177258184">(Oct 03 2019 at 15:55)</a>:</h4>
<p><span class="user-mention" data-user-id="123586">@nagisa</span> yeah, we're into <span aria-label="shrug" class="emoji emoji-1f937" role="img" title="shrug">:shrug:</span> territory here I suspect, about when you're allowed to mark access to shared memory safe.</p>



<a name="177258199"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177258199" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177258199">(Oct 03 2019 at 15:55)</a>:</h4>
<p>So it would be out-of-scope for unsafe-code-guidelines past what is already specified (e.g. reading unallocated memory is UB)</p>



<a name="177258231"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177258231" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177258231">(Oct 03 2019 at 15:56)</a>:</h4>
<p><span class="user-mention" data-user-id="123586">@nagisa</span> nondeterministic values are fine, as long as they're not poison, or another form of UB.</p>



<a name="177258367"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177258367" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177258367">(Oct 03 2019 at 15:57)</a>:</h4>
<p>Well this is a volatile read, so you won’t get poison, but you could read out 42 as a bool <span aria-label="slight smile" class="emoji emoji-1f642" role="img" title="slight smile">:slight_smile:</span></p>



<a name="177258394"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177258394" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177258394">(Oct 03 2019 at 15:57)</a>:</h4>
<p>Which I guess is the same concern you need to handle when dealing with any shared memory anyway</p>



<a name="177258558"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177258558" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177258558">(Oct 03 2019 at 15:59)</a>:</h4>
<p><span class="user-mention" data-user-id="123586">@nagisa</span> 42 is fine, there's a lot of jumping through hoops to make sure that any time you construct a &amp;T into shared memory that it's OK, e.g. <code>&amp;AtomicUSize</code> but not <code>&amp;bool</code>.</p>



<a name="177258686"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177258686" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177258686">(Oct 03 2019 at 16:00)</a>:</h4>
<p>the thing I don't know how to handle safely is the shared memory being truncated <span aria-label="frown" class="emoji emoji-1f641" role="img" title="frown">:frown:</span></p>



<a name="177258746"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177258746" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177258746">(Oct 03 2019 at 16:00)</a>:</h4>
<p><a href="https://github.com/asajeffrey/shared-data" target="_blank" title="https://github.com/asajeffrey/shared-data">https://github.com/asajeffrey/shared-data</a></p>



<a name="177314800"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177314800" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177314800">(Oct 04 2019 at 06:53)</a>:</h4>
<p>In general I don't think you <em>can</em> make that avoid a sigbus or equivalent, not on all systems. Certainly not on general POSIX. And even on Linux you can't count on having memfd.</p>



<a name="177314918"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177314918" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177314918">(Oct 04 2019 at 06:56)</a>:</h4>
<p>That said, I don't think that's <em>unsafe</em>. It might raise a signal, but it won't generate UB.</p>



<a name="177314926"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177314926" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177314926">(Oct 04 2019 at 06:57)</a>:</h4>
<p>So I think you should just ignore it. (You can recommend memfd though.)</p>



<a name="177335414"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177335414" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177335414">(Oct 04 2019 at 12:52)</a>:</h4>
<p>So I think you should just ignore it. (You can recommend memfd though.)</p>



<a name="177337695"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177337695" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177337695">(Oct 04 2019 at 13:19)</a>:</h4>
<p>Is behaviour of reading mapped pages from previously-mapped area of the file that has been since truncated specified for all posixes?</p>



<a name="177337762"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177337762" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177337762">(Oct 04 2019 at 13:20)</a>:</h4>
<p>(as in, behaviour of "you will get a signal" and not "unspecified/undefined")</p>



<a name="177338887"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177338887" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177338887">(Oct 04 2019 at 13:33)</a>:</h4>
<p>I've never heard of one that has undefined behavior.</p>



<a name="177338900"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177338900" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177338900">(Oct 04 2019 at 13:33)</a>:</h4>
<p>You might check the spec.</p>



<a name="177339475"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177339475" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177339475">(Oct 04 2019 at 13:39)</a>:</h4>
<p>The Single Unix Specification v2 specifies that behavior.</p>



<a name="177339485"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177339485" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177339485">(Oct 04 2019 at 13:39)</a>:</h4>
<p>I think you can safely rely on it.</p>



<a name="177339663"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177339663" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177339663">(Oct 04 2019 at 13:42)</a>:</h4>
<p>Ah, hang on...</p>



<a name="177339758"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177339758" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177339758">(Oct 04 2019 at 13:43)</a>:</h4>
<p>So, it specifies that references past the end will generate SIGBUS.</p>



<a name="177339767"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177339767" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177339767">(Oct 04 2019 at 13:43)</a>:</h4>
<p>But:</p>



<a name="177339782"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177339782" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177339782">(Oct 04 2019 at 13:43)</a>:</h4>
<blockquote>
<p>If the size of the mapped file changes after the call to mmap() as a result of some other operation on the mapped file, the effect of references to portions of the mapped region that correspond to added or removed portions of the file is unspecified.</p>
</blockquote>



<a name="177712966"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177712966" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177712966">(Oct 09 2019 at 13:25)</a>:</h4>
<blockquote>
<p>Well this is a volatile read, so you won’t get poison, but you could read out 42 as a bool :)</p>
</blockquote>
<p><span class="user-mention" data-user-id="123586">@nagisa</span>  we hope you don't but LLVM doesn't want to guarantee that :(</p>



<a name="177713060"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177713060" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177713060">(Oct 09 2019 at 13:26)</a>:</h4>
<p><span class="user-mention" data-user-id="128323">@Alan Jeffrey</span>  regarding SIGBUS, one tricky bit here is that the compiler might have license to insert spurious accesses (e.g. if you had a reference into that memory) so you might get SIGBUS even if your code didn't access that memory</p>



<a name="177722398"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177722398" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177722398">(Oct 09 2019 at 15:03)</a>:</h4>
<p>Indeed. I don't think <code>Atomic*</code> makes any guarantees that it won't introduce extra reads, just that the accesses in your program will be preserved (up to the appropriate <code>Ordering</code>).</p>



<a name="177724003"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177724003" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177724003">(Oct 09 2019 at 15:18)</a>:</h4>
<p>no it doesnt even guarantee that anything is preserved</p>



<a name="177724032"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177724032" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177724032">(Oct 09 2019 at 15:18)</a>:</h4>
<p>it makes no guarantees in terms of the final assembly memory pattern, only <code>volatile</code> does</p>



<a name="177724047"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177724047" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177724047">(Oct 09 2019 at 15:18)</a>:</h4>
<p>"atomic" just guarantees something about the behavior observable <em>inside the Rust program</em></p>



<a name="177724110"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177724110" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177724110">(Oct 09 2019 at 15:19)</a>:</h4>
<p>and with a whole-program analysis, that might well mean optimizing away memory accesses entirely, demoting atomic to non-atomic, or whatever</p>



<a name="177726602"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177726602" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177726602">(Oct 09 2019 at 15:40)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> I was brushing a lot of stuff under the carpet with "up to the appropriate <code>Ordering</code>" :)</p>



<a name="177726664"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177726664" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alan Jeffrey <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177726664">(Oct 09 2019 at 15:41)</a>:</h4>
<p>and yes, it's only giving guarantees to other threads, not other processes.</p>



<a name="177780947"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177780947" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177780947">(Oct 10 2019 at 05:38)</a>:</h4>
<p>“to other threads of execution”</p>



<a name="177781091"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177781091" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177781091">(Oct 10 2019 at 05:42)</a>:</h4>
<p>Something like:</p>
<p>‘’’rust<br>
fn main() {<br>
   extern “C” {<br>
       static PTR: *mut u8;<br>
   }<br>
   let x = atomic_load(PTR, Relaxed);<br>
   let y = atomic_load(PTR, Relaxed);<br>
   assert_eq!(x, y); // Might fail <br>
}<br>
‘’’</p>



<a name="177781104"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177781104" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177781104">(Oct 10 2019 at 05:43)</a>:</h4>
<p>can fail if there is a second thread of execution mutating the memory behind PTR</p>



<a name="177781160"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177781160" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177781160">(Oct 10 2019 at 05:44)</a>:</h4>
<p>If we want to be able to support multiple processes Rust cannot assume that won’t happen</p>



<a name="177781259"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177781259" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177781259">(Oct 10 2019 at 05:46)</a>:</h4>
<p>If Rust can assume that won’t happen, volatile won’t help you here anyways</p>



<a name="177788876"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177788876" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177788876">(Oct 10 2019 at 08:21)</a>:</h4>
<blockquote>
<p>can fail if there is a second thread of execution mutating the memory behind PTR</p>
</blockquote>
<p>there isnt, though, as we can see the entire program</p>



<a name="177788926"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177788926" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177788926">(Oct 10 2019 at 08:22)</a>:</h4>
<blockquote>
<p>If Rust can assume that won’t happen, volatile won’t help you here anyways</p>
</blockquote>
<p>yes volatile will help precise because it applies assembly-level semantics instead of Rust-level semantics</p>



<a name="177827360"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177827360" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177827360">(Oct 10 2019 at 16:27)</a>:</h4>
<blockquote>
<p>there isnt, though, as we can see the entire program</p>
</blockquote>
<p>If two processes are working on inter-process shared memory, Rust doesn't see all the changes to that memory</p>



<a name="177827493"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177827493" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177827493">(Oct 10 2019 at 16:28)</a>:</h4>
<p>In the program I have above, <code>PTR</code> address is opaque to Rust, and it could point to inter-process shared memory, so other processes might be modifying it concurrently</p>



<a name="177827651"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177827651" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177827651">(Oct 10 2019 at 16:30)</a>:</h4>
<p>It should be enough for all processes to use atomics to synchronize reads and write without having to reach for volatile</p>



<a name="177827736"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177827736" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177827736">(Oct 10 2019 at 16:31)</a>:</h4>
<p>And using volatile would actually prevent optimizations that are sound for this type of program, so it isn't a good solution either.</p>



<a name="177827831"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177827831" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177827831">(Oct 10 2019 at 16:32)</a>:</h4>
<p>So IMO the problematic issue here is the incorrect assumption that, if the Rust compiler does not see a program creating a second thread of execution, such second thread of execution does not exist</p>



<a name="177828222"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177828222" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177828222">(Oct 10 2019 at 16:36)</a>:</h4>
<p>This assumption would also break signal handling, e.g., if only the threads of execution that are created by the program exist, then only they can raise signals, so if none of them do, then no signals can be raised and we could optimize appropriately.</p>



<a name="177839958"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177839958" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177839958">(Oct 10 2019 at 18:35)</a>:</h4>
<blockquote>
<blockquote>
<p>there isnt, though, as we can see the entire program</p>
</blockquote>
<p>If two processes are working on inter-process shared memory, Rust doesn't see all the changes to that memory</p>
</blockquote>
<p>there's no code to set up shared memory so I think it is fair game for rustc to assume there's no such thing</p>



<a name="177839996"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177839996" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177839996">(Oct 10 2019 at 18:35)</a>:</h4>
<p>if you'd call unknown code <em>somewhere</em> -- like, make a single syscall -- the game would be very different</p>



<a name="177840062"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177840062" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177840062">(Oct 10 2019 at 18:35)</a>:</h4>
<blockquote>
<p>This assumption would also break signal handling, e.g., if only the threads of execution that are created by the program exist, then only they can raise signals, so if none of them do, then no signals can be raised and we could optimize appropriately.</p>
</blockquote>
<p>yeah signals suck. I am not aware of any formal model of them.^^</p>



<a name="177840169"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177840169" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177840169">(Oct 10 2019 at 18:36)</a>:</h4>
<p>but to e clear, the only memory that might be shared here is <code>PTR</code>, right? <code>x</code> and <code>y</code> are definitely private and we can do whatever we want</p>



<a name="177840361"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177840361" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177840361">(Oct 10 2019 at 18:38)</a>:</h4>
<p>so we could imagine having a clause that says that the compiler always needs to assume that there <em>might</em> be other threads in the Abstract Machine, even if it can see <code>main</code>. like, the initial state could consist of more than just running <code>main</code>. That seems reaosnable, but I am not  sure if LLVM implements this correctly.</p>



<a name="177858795"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177858795" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177858795">(Oct 10 2019 at 22:14)</a>:</h4>
<p>PTR can have been placed by the linker. And it can have been placed at an MMIO address for example. However, since they are atomic loads and not volatile loads, my understanding is that LLVM is free to make x and y both share the value of a single load.</p>



<a name="177883570"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/177883570" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#177883570">(Oct 11 2019 at 07:13)</a>:</h4>
<blockquote>
<p>there's no code to set up shared memory so I think it is fair game for rustc to assume there's no such thing</p>
</blockquote>
<p>I don't think that's required ? The OS kernel can set that for you and, e.g., it can share part of the kernel address space with that of a process when that process is launched and put an address to it in a static somewhere (e.g. in the auxiliary vectors of an ELF binary, etc.).</p>
<blockquote>
<p>but to e clear, the only memory that might be shared here is PTR, right? x and y are definitely private and we can do whatever we want</p>
</blockquote>
<p>Yes, I think that's a reasonable restriction. In practice, this isn't necessarily the case, e.g., a debugger or a profiler might want to inspect what a running thread is doing behind its back, including inspecting its stack, or maybe even modify it, but I think its reasonable for Rust to assume this never happens. If that happens, we provide no guarantees.</p>
<blockquote>
<p>so we could imagine having a clause that says that the compiler always needs to assume that there might be other threads in the Abstract Machine, even if it can see main. like, the initial state could consist of more than just running main. That seems reaosnable, but I am not sure if LLVM implements this correctly.</p>
</blockquote>
<p>Yes, such a clause is what I had in mind.</p>



<a name="178089448"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178089448" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178089448">(Oct 14 2019 at 10:02)</a>:</h4>
<blockquote>
<blockquote>
<p>One big concern here is reading undef, but even if we added a dedicated intrinsic to Rust, we still couldn't prevent that -- LLVM quite simply does not provide the required primitives to avoid undef here.</p>
</blockquote>
</blockquote>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> LLVM provides volatile inline assembly blocks</p>



<a name="178089465"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178089465" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178089465">(Oct 14 2019 at 10:02)</a>:</h4>
<p>LLVM probably doesn't guarantee that you can use them to turn <code>undef</code> into "not <code>undef</code>", but... it wouldn't not work either</p>



<a name="178089504"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178089504" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178089504">(Oct 14 2019 at 10:03)</a>:</h4>
<p>That particular implementation strategy would just have "stronger" semantics than what we guarantee for those intrinsics</p>



<a name="178089570"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178089570" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178089570">(Oct 14 2019 at 10:04)</a>:</h4>
<p>(e.g. atomic loads can be re-ordered around volatile loads, but if we were to use such an approach, they probably wouldn't be)</p>



<a name="178100494"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178100494" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178100494">(Oct 14 2019 at 12:59)</a>:</h4>
<p><span class="user-mention" data-user-id="132920">@gnzlbg</span> You have to admit though, that it would be a shame to resolve the issue in an architecture-specific way (and therefore once per architecture), when all it would take to resolve the problem cleanly and portably is for LLVM to close what is admittedly a spec hole that makes "their" volatile less well-defined than the underlying hardware loads and stores are.</p>



<a name="178100592"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178100592" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178100592">(Oct 14 2019 at 13:00)</a>:</h4>
<p>The purpose of undefined behavior is to enable optimizations of higher-level languages. The purpose of volatile is to disable optimizations and defer to hardware semantics. Therefore, the two are fundamentally at odds, and volatile should only have the minimal possible amount of UB to enable optimization of surrounding non-volatile code.</p>



<a name="178100799"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178100799" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178100799">(Oct 14 2019 at 13:03)</a>:</h4>
<p>Besides, if "LLVM doesn't guarantee it but it wouldn't not work either" is considered enough, using today's <code>volatile</code> is arguably enough for many purposes ;)</p>



<a name="178108173"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178108173" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178108173">(Oct 14 2019 at 14:32)</a>:</h4>
<blockquote>
<p>when all it would take to resolve the problem cleanly and portably is for LLVM to close what is admittedly a spec hole </p>
</blockquote>
<p>That looks like quite a bit of work to me.</p>



<a name="178108230"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178108230" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178108230">(Oct 14 2019 at 14:33)</a>:</h4>
<p>There is an LLVM bug open, and nobody appears to think that such hole is worth fixing, so if somebody wanted to fix it they would probably need to achieve consensus on what the fix is, implement it, and land it.</p>



<a name="178108739"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178108739" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178108739">(Oct 14 2019 at 14:39)</a>:</h4>
<p>That is indeed quite a bit of work. However, the same amount of work would be needed to guarantee that inline assembly loads are not allowed to return <code>undef</code>.</p>



<a name="178108887"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178108887" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178108887">(Oct 14 2019 at 14:41)</a>:</h4>
<p>My point was that we only have to guarantee that at the Rust language level</p>



<a name="178108906"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178108906" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178108906">(Oct 14 2019 at 14:41)</a>:</h4>
<p>Therefore, in my view...</p>
<p>- If we want to fix that hole, we need LLVM's help, one way or another.<br>
- If we are satisfied with a "should work, but isn't guaranteed to" statu quo, volatile is as good as inline assembly.</p>



<a name="178108978"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178108978" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178108978">(Oct 14 2019 at 14:42)</a>:</h4>
<p>I'm of the opinion that we should provide whatever guarantees we want for Rust</p>



<a name="178108988"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178108988" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178108988">(Oct 14 2019 at 14:42)</a>:</h4>
<p>If the inline assembly gets into LLVM's hands (and I think it does eventually), then we need LLVM's help too.</p>



<a name="178109038"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109038" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109038">(Oct 14 2019 at 14:43)</a>:</h4>
<p>On paper, sure. In practice, I'm fine with opening an issue about that, and punting how to fix it when the first user provides an example of a miscompilation</p>



<a name="178109042"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109042" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109042">(Oct 14 2019 at 14:43)</a>:</h4>
<blockquote>
<p>I'm of the opinion that we should provide whatever guarantees we want for Rust</p>
</blockquote>
<p>I would agree with you in an ideal world. But as long as <code>rustc</code> uses LLVM as a backend, we are not living in such an ideal world.</p>



<a name="178109056"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109056" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109056">(Oct 14 2019 at 14:43)</a>:</h4>
<p>We don't have to use inline assembly, we could use <code>global_asm!</code></p>



<a name="178109064"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109064" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109064">(Oct 14 2019 at 14:43)</a>:</h4>
<p>or the linker to call some assembly blob, or ..</p>



<a name="178109066"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109066" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109066">(Oct 14 2019 at 14:43)</a>:</h4>
<p>And writing hardware-specific backends is an awful lot of work.</p>



<a name="178109138"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109138" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109138">(Oct 14 2019 at 14:44)</a>:</h4>
<p>If we put the intrinsics in <code>core::arch</code>, we can implement them as users need them</p>



<a name="178109154"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109154" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109154">(Oct 14 2019 at 14:44)</a>:</h4>
<p>AFAIK, non-inline assembly means one CALL per volatile load or store, which seems too much.</p>



<a name="178109176"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109176" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109176">(Oct 14 2019 at 14:45)</a>:</h4>
<p>I don't think its worth it to invest too much time to support, e.g., <code>s390x</code>, when no user might ever need that there</p>



<a name="178109200"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109200" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109200">(Oct 14 2019 at 14:45)</a>:</h4>
<blockquote>
<p>AFAIK, non-inline assembly means one CALL per volatile load or store, which seems too much.</p>
</blockquote>
<p>Such is life if inline assembly turns out to not be enough.</p>



<a name="178109263"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109263" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109263">(Oct 14 2019 at 14:46)</a>:</h4>
<p>The point is, we can enforce Rust semantics with a hammer if needed be. Right now, we don't have to because inline assembly would work, and maybe even <code>read_volatile</code></p>



<a name="178109282"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109282" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109282">(Oct 14 2019 at 14:46)</a>:</h4>
<p>Sure, but just supporting "mainstream" platforms already means supporting x86, x86_64, infinitely many dialects of ARM and POWER, RISC-V, WASM...</p>



<a name="178109285"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109285" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109285">(Oct 14 2019 at 14:46)</a>:</h4>
<p>We have <code>asm</code> tests in rustc that check the assembly that some code generates, we can add them for these intrinsics</p>



<a name="178109319"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109319" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109319">(Oct 14 2019 at 14:46)</a>:</h4>
<p><span class="user-mention" data-user-id="211871">@Hadrien Grasland</span> if you want to invest time in implementing the codegen for all those platforms, or to fix LLVM, go for it</p>



<a name="178109321"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109321" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109321">(Oct 14 2019 at 14:47)</a>:</h4>
<p>For me, x86_64 is enough</p>



<a name="178109335"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109335" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109335">(Oct 14 2019 at 14:47)</a>:</h4>
<p>And if some day all platforms support these, we can even implement generic ones on top</p>



<a name="178109341"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109341" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109341">(Oct 14 2019 at 14:47)</a>:</h4>
<p>But I think we are in violent agreement here regarding what concretely needs to be done.</p>



<a name="178109361"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109361" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109361">(Oct 14 2019 at 14:47)</a>:</h4>
<p>Yes, I think we are kind of also in agreement of what the ideal implementation would be</p>



<a name="178109366"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109366" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109366">(Oct 14 2019 at 14:47)</a>:</h4>
<p>(LLVM fixing their bug)</p>



<a name="178109419"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109419" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109419">(Oct 14 2019 at 14:48)</a>:</h4>
<p>But that's not going to happen on its own, and I don't think waiting for that fix should block adding a way to solve these problems in Rust</p>



<a name="178109456"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109456" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109456">(Oct 14 2019 at 14:48)</a>:</h4>
<ol>
<li>Specify the semantics that we want at the Rust level.</li>
<li>Implement it via LLVM's atomic volatile.</li>
<li>Add checks that the generated ASM is correct on various archs.</li>
<li>Postpone any other work, including arch-specific volatile loads and stores, until we actually have a problem that this solves.</li>
</ol>



<a name="178109482"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109482" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109482">(Oct 14 2019 at 14:49)</a>:</h4>
<p>One example is SIMD, x86_64 is good enough for 99% of our current users, some ARM SIMD intrinsics are ok for the rest, MIPS intrinsics for ~1 user, and PPC intrinsics for ~1 user</p>



<a name="178109493"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109493" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109493">(Oct 14 2019 at 14:49)</a>:</h4>
<p>The users that cared about MIPS, ARM, and PPC, invested their time into implementing them</p>



<a name="178109511"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109511" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109511">(Oct 14 2019 at 14:49)</a>:</h4>
<p>That's short-sighted. Many supercomputing centers use POWER CPUs..</p>



<a name="178109581"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109581" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109581">(Oct 14 2019 at 14:50)</a>:</h4>
<p>And ARM SVE is also getting a lot of attention from that community.</p>



<a name="178109610"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109610" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109610">(Oct 14 2019 at 14:50)</a>:</h4>
<p>So? If they want to use them, they should implement them, or pay someone that does</p>



<a name="178109619"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109619" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109619">(Oct 14 2019 at 14:50)</a>:</h4>
<p>That's how open source works</p>



<a name="178109627"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109627" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109627">(Oct 14 2019 at 14:50)</a>:</h4>
<p>We are not making supporting those platforms impossible</p>



<a name="178109632"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109632" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109632">(Oct 14 2019 at 14:50)</a>:</h4>
<p>We are providing a trivial way to supporting those platforms</p>



<a name="178109642"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109642" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109642">(Oct 14 2019 at 14:51)</a>:</h4>
<p>For anybody interested</p>



<a name="178109666"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109666" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109666">(Oct 14 2019 at 14:51)</a>:</h4>
<p>For this particular case, implementing two intrinsics for any platform using inline assembly should be trivial</p>



<a name="178109727"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109727" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109727">(Oct 14 2019 at 14:52)</a>:</h4>
<p>My point is, you're introducing extra rustc porting work for every new platform just to solve a problem which we're not sure we actually have.</p>



<a name="178109779"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109779" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109779">(Oct 14 2019 at 14:52)</a>:</h4>
<p>And it's not even guaranteed to resolve said problem in any meaningful way.</p>



<a name="178109813"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109813" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109813">(Oct 14 2019 at 14:52)</a>:</h4>
<p>Not really</p>



<a name="178109841"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109841" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109841">(Oct 14 2019 at 14:53)</a>:</h4>
<p>Adding a new target to rustc doesn't require adding those intrinsics</p>



<a name="178109848"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109848" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109848">(Oct 14 2019 at 14:53)</a>:</h4>
<p>E.g. ARM does not support x86 SIMD intrinsics</p>



<a name="178109858"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109858" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109858">(Oct 14 2019 at 14:53)</a>:</h4>
<p>Sure. But there's nothing x86-specific about volatile loads and stores.</p>



<a name="178109866"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109866" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109866">(Oct 14 2019 at 14:53)</a>:</h4>
<p>So it doesn't belong in core::arch imo.</p>



<a name="178109934"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109934" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109934">(Oct 14 2019 at 14:54)</a>:</h4>
<p>No, but since LLVM doesn't guarantee any useful semantics, we can't provide them in a portable way either that's guaranteed to work</p>



<a name="178109949"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109949" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109949">(Oct 14 2019 at 14:54)</a>:</h4>
<p>So either we don't provide them, or provide intrinsics that are not guaranteed to work, or provide target-dependent intrinsics that are guaranteed to work</p>



<a name="178109968"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178109968" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178109968">(Oct 14 2019 at 14:55)</a>:</h4>
<p>Right now we provide intrinsics that are not guaranteed to work, and people want more guarantees</p>



<a name="178110080"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110080" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110080">(Oct 14 2019 at 14:56)</a>:</h4>
<p>We can also provide arch-agnostic intrinsics that are guaranteed to work at the spec level, implement them the LLVM way, and wait for bug reports proving that it doesn't work before going for anything more complicated.</p>



<a name="178110093"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110093" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110093">(Oct 14 2019 at 14:56)</a>:</h4>
<p>I mean, we're already relying on a lot of undocumented LLVM semantics.</p>



<a name="178110129"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110129" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110129">(Oct 14 2019 at 14:57)</a>:</h4>
<p>Sure.</p>



<a name="178110164"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110164" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110164">(Oct 14 2019 at 14:57)</a>:</h4>
<p>But then we are back to "volatile are hardware semantics", "native types", and all other target-dependent stuff</p>



<a name="178110253"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110253" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110253">(Oct 14 2019 at 14:58)</a>:</h4>
<p>We'd need to document the guarantees in a target-dependent way</p>



<a name="178110258"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110258" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110258">(Oct 14 2019 at 14:58)</a>:</h4>
<p>Sure. Volatile is an arch-agnostic interface with arch-specific semantics.</p>



<a name="178110277"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110277" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110277">(Oct 14 2019 at 14:59)</a>:</h4>
<p>We don't need to document the semantics ourselves, they are in each architecture's respective documentation.</p>



<a name="178110301"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110301" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110301">(Oct 14 2019 at 14:59)</a>:</h4>
<p>We need to guarantee that loads / stores won't tear</p>



<a name="178110303"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110303" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110303">(Oct 14 2019 at 14:59)</a>:</h4>
<p>All we need to do is to defeat the stupid spec hole that allows a wide volatile access to be split into multiple narrow ones.</p>



<a name="178110312"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110312" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110312">(Oct 14 2019 at 14:59)</a>:</h4>
<p>And that can be done just by switching to atomic volatile.</p>



<a name="178110321"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110321" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110321">(Oct 14 2019 at 14:59)</a>:</h4>
<p>no, that's not enough</p>



<a name="178110327"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110327" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110327">(Oct 14 2019 at 15:00)</a>:</h4>
<p>Why?</p>



<a name="178110406"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110406" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110406">(Oct 14 2019 at 15:00)</a>:</h4>
<p>if you then try to use an <code>atomic volatile</code> operation for a platform that doesn't have an appropriate instruction, you'll get at best an LLVM assertion</p>



<a name="178110417"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110417" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110417">(Oct 14 2019 at 15:00)</a>:</h4>
<p>more likely a "instruction fails to select"-type LLVM error, or a segfault]</p>



<a name="178110444"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110444" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110444">(Oct 14 2019 at 15:00)</a>:</h4>
<p>I think I have a way to resolve that.</p>



<a name="178110460"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110460" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110460">(Oct 14 2019 at 15:01)</a>:</h4>
<p>at worst, LLVM will just ignore the atomic and emit multiple instructions that tear</p>



<a name="178110481"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110481" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110481">(Oct 14 2019 at 15:01)</a>:</h4>
<p>so we need to encode in the front-end all that information for each target</p>



<a name="178110482"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110482" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110482">(Oct 14 2019 at 15:01)</a>:</h4>
<p>It's not even a very original one, someone already suggested it before. But it needs to be bikeshedded to death by the RFC process ;)</p>



<a name="178110587"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110587" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110587">(Oct 14 2019 at 15:02)</a>:</h4>
<p>The way I propose to resolve this is to add <code>AtomicXyz::load_volatile(self_: *const Self, o: Ordering)</code> and <code>AtomicXyz::store_volatile(self_: *const Self, o: Ordering)</code>.</p>



<a name="178110612"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110612" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110612">(Oct 14 2019 at 15:02)</a>:</h4>
<p>If I can call such an intrinsic for a 64-bit load for some target, but that fails to compile for another target, then that intrinsic isn't "portable" either</p>



<a name="178110647"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110647" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110647">(Oct 14 2019 at 15:02)</a>:</h4>
<p>How is that any different from adding <code>core::arch</code> intrinsics ?</p>



<a name="178110660"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110660" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110660">(Oct 14 2019 at 15:02)</a>:</h4>
<p>its just different "in syntax", but the atomic types are not available on all targets</p>



<a name="178110687"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110687" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110687">(Oct 14 2019 at 15:02)</a>:</h4>
<p>each target exposes different subsets of the atomic types, or even none</p>



<a name="178110723"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110723" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110723">(Oct 14 2019 at 15:03)</a>:</h4>
<p>This is being fixed.</p>



<a name="178110738"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110738" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110738">(Oct 14 2019 at 15:03)</a>:</h4>
<p>How?</p>



<a name="178110758"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110758" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110758">(Oct 14 2019 at 15:03)</a>:</h4>
<p>They are implemented in libcore, so they can't be emulated</p>



<a name="178110764"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110764" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110764">(Oct 14 2019 at 15:03)</a>:</h4>
<p>Do they then fail at run-time ?</p>



<a name="178110769"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110769" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110769">(Oct 14 2019 at 15:03)</a>:</h4>
<p>By adding support for platforms which have only atomic loads and stores.</p>



<a name="178110784"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110784" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110784">(Oct 14 2019 at 15:03)</a>:</h4>
<p>?</p>



<a name="178110830"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110830" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110830">(Oct 14 2019 at 15:04)</a>:</h4>
<p>(Which are not actually atomic, but anyhow)</p>



<a name="178110849"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110849" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110849">(Oct 14 2019 at 15:04)</a>:</h4>
<p>Where is that being done ?</p>



<a name="178110896"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110896" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110896">(Oct 14 2019 at 15:04)</a>:</h4>
<p>Adding atomic types for platforms for which their semantics aren't atomic sounds like a bad idea</p>



<a name="178110901"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110901" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110901">(Oct 14 2019 at 15:04)</a>:</h4>
<p>Not even C++ does that</p>



<a name="178110904"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110904" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110904">(Oct 14 2019 at 15:04)</a>:</h4>
<p><a href="https://github.com/rust-lang/rust/pull/65214" target="_blank" title="https://github.com/rust-lang/rust/pull/65214">https://github.com/rust-lang/rust/pull/65214</a></p>



<a name="178110930"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110930" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110930">(Oct 14 2019 at 15:05)</a>:</h4>
<p>That's not what I was referring to</p>



<a name="178110949"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110949" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110949">(Oct 14 2019 at 15:05)</a>:</h4>
<p>That's just conditionally making different atomic operations available depending on the target</p>



<a name="178110958"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110958" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110958">(Oct 14 2019 at 15:05)</a>:</h4>
<p>some targets have 0 operations available</p>



<a name="178110967"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110967" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110967">(Oct 14 2019 at 15:05)</a>:</h4>
<p>Sorry, that was wrong.</p>



<a name="178110969"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110969" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110969">(Oct 14 2019 at 15:05)</a>:</h4>
<p>Code that uses <code>Atomic_</code> isn't portable</p>



<a name="178110984"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110984" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110984">(Oct 14 2019 at 15:05)</a>:</h4>
<blockquote>
<p>some targets have 0 operations available</p>
</blockquote>
<p>Sure about that?</p>



<a name="178110992"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178110992" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178110992">(Oct 14 2019 at 15:06)</a>:</h4>
<p>For any example you give me, I can give you a <code>--target</code> that will fail to compile</p>



<a name="178111058"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111058" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111058">(Oct 14 2019 at 15:06)</a>:</h4>
<blockquote>
<p>Sure about that?</p>
</blockquote>
<p>Yes, for example, nvptx64-nvidia-cuda</p>



<a name="178111079"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111079" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111079">(Oct 14 2019 at 15:06)</a>:</h4>
<p>Not even relaxed loads and stores of <code>AtomicUsize</code>?</p>



<a name="178111099"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111099" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111099">(Oct 14 2019 at 15:06)</a>:</h4>
<p>That's plain broken, as CUDA kernels can actually have atomic operations inside...</p>



<a name="178111112"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111112" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111112">(Oct 14 2019 at 15:07)</a>:</h4>
<p>Yes, but not with C11 semantics</p>



<a name="178111125"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111125" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111125">(Oct 14 2019 at 15:07)</a>:</h4>
<p>they have different atomic operations, with different semantics, that do not match the orderings that we have</p>



<a name="178111142"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111142" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111142">(Oct 14 2019 at 15:07)</a>:</h4>
<p><em>sigh</em> one more argument for adding unordered, I guess.</p>



<a name="178111147"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111147" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111147">(Oct 14 2019 at 15:07)</a>:</h4>
<p>There are proposals for trying to bring C11 atomics to nvidia GPUs though</p>



<a name="178111150"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111150" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111150">(Oct 14 2019 at 15:07)</a>:</h4>
<p>Anyhow.</p>



<a name="178111238"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111238" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111238">(Oct 14 2019 at 15:08)</a>:</h4>
<p>You started this discussion by saying you wanted a solution for mainstream platforms, not obscure niche.</p>



<a name="178111251"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111251" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111251">(Oct 14 2019 at 15:08)</a>:</h4>
<p>Now we're definitely getting into obscure niche territory.</p>



<a name="178111267"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111267" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111267">(Oct 14 2019 at 15:08)</a>:</h4>
<p>Does i386 have atomics ?</p>



<a name="178111274"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111274" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111274">(Oct 14 2019 at 15:08)</a>:</h4>
<p>Yes</p>



<a name="178111277"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111277" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111277">(Oct 14 2019 at 15:08)</a>:</h4>
<p>we also have at least one i386 target</p>



<a name="178111281"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111281" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111281">(Oct 14 2019 at 15:08)</a>:</h4>
<p>Otherwise you couldn't implement a mutex on it.</p>



<a name="178111467"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111467" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111467">(Oct 14 2019 at 15:10)</a>:</h4>
<p>IMO, getting volatile to work as intended on every platform that has <code>Relaxed</code> atomic loads and stores would already be a reasonable achievement.</p>



<a name="178111548"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111548" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111548">(Oct 14 2019 at 15:11)</a>:</h4>
<p>And I could live with having arch-specific abstractions <em>for the other platforms</em> until either 1/they become C11-compliant or 2/we add weaker atomic orderings that match their semantics.</p>



<a name="178111607"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111607" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111607">(Oct 14 2019 at 15:12)</a>:</h4>
<blockquote>
<p>IMO, getting volatile to work as intended on every platform that has Relaxed atomic loads and stores would already be a reasonable achievement.</p>
</blockquote>
<p>This should be doable for those platforms</p>



<a name="178111766"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111766" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111766">(Oct 14 2019 at 15:14)</a>:</h4>
<p>I think this would match the spirit of what you're trying to do with x86-specific volatile operations, but in a way that can reach basically all mainstream platforms targeted by Rust.</p>



<a name="178111782"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111782" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111782">(Oct 14 2019 at 15:14)</a>:</h4>
<p>Without custom assembly, CALL overhead on each volatile operation, etc.</p>



<a name="178111792"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111792" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111792">(Oct 14 2019 at 15:14)</a>:</h4>
<p>oh, check this out: <a href="https://www.youtube.com/watch?v=VogqOscJYvk" target="_blank" title="https://www.youtube.com/watch?v=VogqOscJYvk">https://www.youtube.com/watch?v=VogqOscJYvk</a></p>
<div class="youtube-video message_inline_image"><a data-id="VogqOscJYvk" href="https://www.youtube.com/watch?v=VogqOscJYvk" target="_blank" title="https://www.youtube.com/watch?v=VogqOscJYvk"><img src="https://i.ytimg.com/vi/VogqOscJYvk/default.jpg"></a></div>



<a name="178111806"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111806" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111806">(Oct 14 2019 at 15:14)</a>:</h4>
<p>I haven't watched it, but maybe they manage to make C++ atomics work with cuda already?</p>



<a name="178111993"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178111993" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178111993">(Oct 14 2019 at 15:17)</a>:</h4>
<p>IIRC, the problem is that GPUs are not cache-coherent.</p>



<a name="178112014"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112014" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112014">(Oct 14 2019 at 15:17)</a>:</h4>
<p>So they miss one guarantee from C11, which is that all threads must observe stores to a given memory location as occuring in the same order.</p>



<a name="178112088"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112088" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112088">(Oct 14 2019 at 15:18)</a>:</h4>
<p>Unless fences are used to flush them.</p>



<a name="178112155"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112155" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112155">(Oct 14 2019 at 15:19)</a>:</h4>
<p>They could probably be modeled by LLVM's unordered atomics, but well... I think we've established that someone must do a PhD on them before they're accepted into the Rust memory model.</p>



<a name="178112190"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112190" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112190">(Oct 14 2019 at 15:19)</a>:</h4>
<p>yes,  just like POWER, GPUs share store buffers between threads</p>



<a name="178112200"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112200" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112200">(Oct 14 2019 at 15:19)</a>:</h4>
<p>or at least nvidia ones do</p>



<a name="178112284"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112284" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112284">(Oct 14 2019 at 15:20)</a>:</h4>
<p>so multiple stores can be viewed by other threads in the wrong orders</p>



<a name="178112285"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112285" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112285">(Oct 14 2019 at 15:20)</a>:</h4>
<p>They have store coherence on a given Compute Unit, but not across CUs, I believe.</p>



<a name="178112292"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112292" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112292">(Oct 14 2019 at 15:20)</a>:</h4>
<p>yes</p>



<a name="178112381"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112381" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112381">(Oct 14 2019 at 15:21)</a>:</h4>
<blockquote>
<p>I think we've established that someone must do a PhD on them before they're accepted into the Rust memory model.</p>
</blockquote>
<p>More like 5 PhDs should build up an operational semantics for Rust using atomics, and then another 5 PhDs should extend that with further useful orderings</p>



<a name="178112415"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112415" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112415">(Oct 14 2019 at 15:22)</a>:</h4>
<p>That was <span class="user-mention" data-user-id="120791">@RalfJ</span> plan all along</p>



<a name="178112482"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112482" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112482">(Oct 14 2019 at 15:22)</a>:</h4>
<p>So barring that, NVidia providing a way to implement C11 Relaxed on top of nvptx, even if with suboptimal efficiency, sounds like a more reasonable short-term plan.</p>



<a name="178112676"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112676" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112676">(Oct 14 2019 at 15:24)</a>:</h4>
<p>Possibly combined with NVPTX-specific unordered atomic intrinsics with a big warning attached to them.</p>



<a name="178112683"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112683" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112683">(Oct 14 2019 at 15:24)</a>:</h4>
<p>Maybe they did already, that cppcon video is  a couple of days old</p>



<a name="178112711"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178112711" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178112711">(Oct 14 2019 at 15:25)</a>:</h4>
<p>"We have no formal Rust semantics for these and they will eat your laundry if you try to use them to synchronize Rust memory operations. See the CUDA Programming Guide to learn more about their hardware-level semantics."</p>



<a name="178113088"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178113088" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178113088">(Oct 14 2019 at 15:29)</a>:</h4>
<p>But thanks, that's actually useful material for one question which I'm currently asking myself as part of my nefarious plan for soft-deprecating non-atomic volatile.</p>



<a name="178113178"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178113178" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178113178">(Oct 14 2019 at 15:30)</a>:</h4>
<p>Namely, do we actually a platform where we can have non-atomic volatile, but not Relaxed atomic volatile.</p>



<a name="178113181"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178113181" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178113181">(Oct 14 2019 at 15:30)</a>:</h4>
<p>Now I have one example.</p>



<a name="178113547"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178113547" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178113547">(Oct 14 2019 at 15:35)</a>:</h4>
<p>Posted at <a href="https://github.com/rust-lang/unsafe-code-guidelines/issues/152" target="_blank" title="https://github.com/rust-lang/unsafe-code-guidelines/issues/152">https://github.com/rust-lang/unsafe-code-guidelines/issues/152</a></p>



<a name="178114026"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178114026" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178114026">(Oct 14 2019 at 15:41)</a>:</h4>
<p>So, I have given the NVidia presentation a quick skim.</p>



<a name="178114051"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178114051" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178114051">(Oct 14 2019 at 15:41)</a>:</h4>
<p>Essentially, they propose to have C11-like atomic semantics, but on a restricted device scope (e.g. thread block).</p>



<a name="178114292"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178114292" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178114292">(Oct 14 2019 at 15:44)</a>:</h4>
<p>So atomics don't have C11-like semantics within a warp ?</p>



<a name="178114307"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178114307" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178114307">(Oct 14 2019 at 15:44)</a>:</h4>
<p>But they do across warps?</p>



<a name="178114334"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178114334" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178114334">(Oct 14 2019 at 15:45)</a>:</h4>
<p>No, I think it's more like, you have C11 semantics "up to" a certain scope.</p>



<a name="178114365"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178114365" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178114365">(Oct 14 2019 at 15:45)</a>:</h4>
<p>That could be only inside a warp (architecturally free), or within warps + thread blocks (what CUDA has today if I understand correctly).</p>



<a name="178114431"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178114431" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178114431">(Oct 14 2019 at 15:46)</a>:</h4>
<p>But again, I only gave this a quick skim, and that's definitely not enough for something as subtle as a memory model.</p>



<a name="178114602"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178114602" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178114602">(Oct 14 2019 at 15:48)</a>:</h4>
<p>Also, best slide ever. <a href="/user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png" target="_blank" title="SAT.png">SAT.png</a></p>
<div class="message_inline_image"><a href="/user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png" target="_blank" title="SAT.png"><img src="/user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png"></a></div>



<a name="178115003"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178115003" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178115003">(Oct 14 2019 at 15:53)</a>:</h4>
<p>Apparently, they even have a way to do device-wide or cross-device atomics if you're interested in some expensive fences.</p>



<a name="178115365"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178115365" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178115365">(Oct 14 2019 at 15:58)</a>:</h4>
<p>But well, I'm speculating quite a bit here, and this presentation is more about <em>how</em> they got C++-style atomics than <em>what</em> the finally shipped product actually does.</p>



<a name="178115628"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178115628" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178115628">(Oct 14 2019 at 16:01)</a>:</h4>
<p>I tried to search for documentation a bit on the web, but it doesn't seem published yet. Even the CUDA programming guide is not up to date yet, it's not marked as implemented in the famous <a href="https://docs.nvidia.com/cuda/cuda-c-programming-guide/index.html#cpp11-language-features" target="_blank" title="https://docs.nvidia.com/cuda/cuda-c-programming-guide/index.html#cpp11-language-features">https://docs.nvidia.com/cuda/cuda-c-programming-guide/index.html#cpp11-language-features</a> table, nor does this document contain any occurence of "std::atomic" or "&lt;atomic&gt;"</p>



<a name="178116614"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178116614" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178116614">(Oct 14 2019 at 16:14)</a>:</h4>
<p>So I suspect that this hasn't shipped in an actual CUDA toolkit release yet.</p>



<a name="178116839"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178116839" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178116839">(Oct 14 2019 at 16:16)</a>:</h4>
<p>And it will be hard to make any progress on nvptx until it does.</p>



<a name="178118386"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178118386" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178118386">(Oct 14 2019 at 16:37)</a>:</h4>
<p>So, to summarize...</p>
<p>For the common case of a platform that has at least <code>Relaxed</code> loads and stores that directly map into native loads and stores, I think we agree that <code>AtomicXyz::load_volatile/store_volatile</code> is better than current <code>ptr::read_volatile/write_volatile</code> in every way and should basically replace it:</p>
<ul>
<li>It almost perfectly matches hardware-defined data race semantics (and is guaranteed to as long as it is the only kind of memory access in use on that memory location).</li>
<li>It does not build if hardware loads and stores of the requested size do not exist (and AFAIK the error is nicely reported at the Rust layer, not at the LLVM layer, which is the main argument I have for putting this in the <code>AtomicXyz</code> API instead of having some sort of <code>ptr::read_atomic_volatile</code>)</li>
</ul>
<p>I <em>personally think</em> that <code>atomic volatile</code> would be good enough for "defer to hardware semantics" use cases in order to alleviate the need for platform-specific volatile load and store intrinsics in <code>core::arch</code> for those platforms. I'll probably keep thinking that unless someone can come up with a concrete case of LLVM compiling  atomic volatile loads or stores into anything other than a hardware load and stores in an important use case like interaction with untrusted code via shared memory.</p>
<p>So far, even if LLVM don't want to guarantee that it won't happen, it has never happened, and it is unclear under which circumstances that could possibly happen (as it seems that UB-induced miscompilation could only be triggered by knowledge which LLVM doesn't have, such as "this memory location is never initialized" or "some foreign code will do a non-atomic store there"). Therefore, I think the "wait for a bug report" strategy is fine. If and when that happens we can think about going for more complex solutions to this problem, such as custom assembly.</p>
<p>The intrinsics route can still be useful today, in the case of platforms like nvptx which...</p>
<ol>
<li>Cannot have Relaxed atomic volatile operations, or which implement them in a needlessly inefficient way.</li>
<li>Benefit from having sane volatile ops (in the nvptx case, that can be used when calling NVidia's synchronization intrinsics).</li>
</ol>
<p>Sounds like a plan?</p>



<a name="178118688"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178118688" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178118688">(Oct 14 2019 at 16:41)</a>:</h4>
<p>Sounds good to me</p>



<a name="178118779"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178118779" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178118779">(Oct 14 2019 at 16:42)</a>:</h4>
<p>Regarding the API I think you raised an issue about <code>Self</code> pointer types, aren't those supported on nightly behind <code>abstract_self_types</code> ? If so, then the standard library can just use them.</p>



<a name="178118803"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178118803" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178118803">(Oct 14 2019 at 16:43)</a>:</h4>
<p>But I don't know how that feature works for raw pointers exactly</p>



<a name="178118812"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178118812" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178118812">(Oct 14 2019 at 16:43)</a>:</h4>
<p>Can clients of the standard library using stable do so as well?</p>



<a name="178118978"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178118978" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178118978">(Oct 14 2019 at 16:44)</a>:</h4>
<p>In any case, if Self pointer types are supported, I would expect all the basic cases to work, and brokenness to lie in fat pointer corner cases like trait objects or slices ;)</p>



<a name="178119650"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178119650" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178119650">(Oct 14 2019 at 16:55)</a>:</h4>
<p>Okay, I tested it.</p>



<a name="178119679"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178119679" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178119679">(Oct 14 2019 at 16:55)</a>:</h4>
<p>It's clunkier than references because there isn't e.g. an automatic *mut -&gt; *const conversion, but <a href="https://play.rust-lang.org/?version=nightly&amp;mode=debug&amp;edition=2018&amp;gist=48ded877d702297a1b54bb1442cb2010" target="_blank" title="https://play.rust-lang.org/?version=nightly&amp;mode=debug&amp;edition=2018&amp;gist=48ded877d702297a1b54bb1442cb2010">it actually works</a>.</p>



<a name="178119907"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178119907" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178119907">(Oct 14 2019 at 16:58)</a>:</h4>
<p>People may be anxious about de-facto stabilizing this feature by making it part of a public std API though.</p>



<a name="178122397"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178122397" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178122397">(Oct 14 2019 at 17:35)</a>:</h4>
<p><span class="user-mention" data-user-id="211871">@Hadrien Grasland</span> clients of the standard library can use standard library APIs that use this feature on stable</p>



<a name="178122444"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178122444" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178122444">(Oct 14 2019 at 17:36)</a>:</h4>
<p>they cannot use the feature themselves on stable Rust to write their own APIs</p>



<a name="178125336"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178125336" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178125336">(Oct 14 2019 at 18:15)</a>:</h4>
<p>This much I know. What I'm afraid of is that someone could say that it is not acceptable to stabilize a public API that uses <code>#![feature(arbitrary_self_types)]</code>, because then it is not possible to remove or significantly change the <code>arbitrary_self_types</code> feature without breaking the public API of std, which amounts to making a compatibility-binding promise that at least the relevant subset of <code>arbitrary_self_types</code> will be eventually stabilized.</p>



<a name="178125728"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178125728" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178125728">(Oct 14 2019 at 18:19)</a>:</h4>
<p>For example, at the time where the array traits implementation was switched to const generics, <span class="user-mention" data-user-id="126931">@centril</span> made sure that this implementation was fully hidden from the public API for this reason. In that case, I don't think they feared that const generics would be eventually removed, but understand that they were more anxious about the possibility of const generics semantics changing in a fundamental way that would alter the semantics of the public std API throughout the feature development process.</p>



<a name="178125912"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178125912" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178125912">(Oct 14 2019 at 18:21)</a>:</h4>
<p>As far as I know, the "pointer receiver" subset of <code>arbitrary_self_types</code> is somewhat contentious at this point in time, and it's not 100% clear whether we want to eventually stabilize it or not. Therefore, there might be similar reservations about the prospect of exposing it in a public API.</p>



<a name="178136761"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178136761" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178136761">(Oct 14 2019 at 20:36)</a>:</h4>
<blockquote>
<p>LLVM provides volatile inline assembly blocks</p>
</blockquote>
<p>I have no idea what that means</p>



<a name="178136824"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178136824" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178136824">(Oct 14 2019 at 20:37)</a>:</h4>
<blockquote>
<p>On paper, sure. In practice, I'm fine with opening an issue about that, and punting how to fix it when the first user provides an example of a miscompilation</p>
</blockquote>
<p>I find it highly unlikely that an affected user will be able to identify that they are affected, let alone provide a clear miscompilation examples. So this strategy IMO equals "we ignore the problem and put our head into the sand".<br>
Which, admittedly, seems like a fair approach with LLVM :P</p>



<a name="178137053"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178137053" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178137053">(Oct 14 2019 at 20:40)</a>:</h4>
<blockquote>
<blockquote>
<p>I think we've established that someone must do a PhD on them before they're accepted into the Rust memory model.</p>
</blockquote>
<p>More like 5 PhDs should build up an operational semantics for Rust using atomics, and then another 5 PhDs should extend that with further useful orderings</p>
</blockquote>
<p>I don't think the scope is quite that large^^ but yes I personally think that to accept more things into our concurrency model I'd like to see at least 2 papers studying the same model and proving some stuff about it.<br>
that said, I do realize that those are high standards and could totally understand if the lang team would set the bar lower.</p>



<a name="178137119"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178137119" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178137119">(Oct 14 2019 at 20:41)</a>:</h4>
<p>(also I didn't read all of your conversation, I figured the gist of it ends up on GH. too much text here.^^)</p>



<a name="178137154"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178137154" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178137154">(Oct 14 2019 at 20:41)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> In GCC, marking an inline assembly block volatile means that the compiler can neither move it around in code nor remove it.</p>



<a name="178137218"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178137218" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178137218">(Oct 14 2019 at 20:42)</a>:</h4>
<p>LLVM probably understands it similarly.</p>



<a name="178137307"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178137307" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178137307">(Oct 14 2019 at 20:43)</a>:</h4>
<p>And yes, I did add the TL;DR to my github post.</p>



<a name="178137416"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178137416" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178137416">(Oct 14 2019 at 20:44)</a>:</h4>
<p>Basically, we ended up agreeing that atomic volatile is fine for most archs, but there are actual archs like nvptx where regular loads and stores are not Relaxed and we may want to keep non-atomic volatile for the sake of those.</p>



<a name="178138012"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178138012" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178138012">(Oct 14 2019 at 20:51)</a>:</h4>
<p>Also, here's a nice NVidia slide for you : <a href="user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png" target="_blank" title="user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png">https://rust-lang.zulipchat.com/user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png</a></p>
<div class="message_inline_image"><a href="user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png" target="_blank" title="https://rust-lang.zulipchat.com/user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png"><img src="user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png"></a></div>



<a name="178138473"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178138473" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178138473">(Oct 14 2019 at 20:56)</a>:</h4>
<blockquote>
<p><span class="user-mention silent" data-user-id="120791">RalfJ</span> In GCC, marking an inline assembly block volatile means that the compiler can neither move it around in code nor remove it.</p>
</blockquote>
<p>wait so normally the compiler can remove it...?!?</p>



<a name="178138508"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178138508" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178138508">(Oct 14 2019 at 20:57)</a>:</h4>
<p>and how is "you cant move it around" different from "it clobbers all the state of everything"?</p>



<a name="178138544"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178138544" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178138544">(Oct 14 2019 at 20:57)</a>:</h4>
<p>IIRC, compiler can indeed drop an asm block if it can prove that e.g. the clobbers are not observable.</p>



<a name="178138620"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178138620" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178138620">(Oct 14 2019 at 20:58)</a>:</h4>
<p>Yeah, optimizers are a pain at times.</p>



<a name="178138621"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178138621" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178138621">(Oct 14 2019 at 20:58)</a>:</h4>
<blockquote>
<p>Also, here's a nice NVidia slide for you : <a href="user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png" target="_blank" title="user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png">https://rust-lang.zulipchat.com/user_uploads/4715/yoBU9sbUqpr5SJ7IPpkeiJn-/SAT.png</a></p>
</blockquote>
<p>yeah seen that :D<br>
not big into SAT solvers / model checkers myself. they work great for whole-program stuff but I'm more interested in compositional methods. but that's just saying my research focus is different, those are still great tools!</p>



<a name="178138649"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178138649" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178138649">(Oct 14 2019 at 20:58)</a>:</h4>
<blockquote>
<p>IIRC, compiler can indeed drop an asm block if it can prove that e.g. the clobbers are not observable.</p>
</blockquote>
<p>lol</p>



<a name="178169350"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178169350" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178169350">(Oct 15 2019 at 07:57)</a>:</h4>
<blockquote>
<p>that said, I do realize that those are high standards and could totally understand if the lang team would set the bar lower.</p>
</blockquote>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> If you think that's where the bar should be set then I will set the bar there <span aria-label="slight smile" class="emoji emoji-1f642" role="img" title="slight smile">:slight_smile:</span></p>



<a name="178175429"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178175429" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178175429">(Oct 15 2019 at 09:31)</a>:</h4>
<blockquote>
<p>I have no idea what that means</p>
</blockquote>
<p>It means that no operations are re-ordered around the inline assembly block IIUC, and that the block is also assumed to have side-effects</p>



<a name="178175499"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178175499" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178175499">(Oct 15 2019 at 09:32)</a>:</h4>
<blockquote>
<p>wait so normally the compiler can remove it...?!?</p>
</blockquote>
<p>That's how I understand it. Rust makes all inline assembly blocks "volatile", but LLVM doesn't require that</p>



<a name="178175543"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178175543" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178175543">(Oct 15 2019 at 09:33)</a>:</h4>
<p>So if your inline assembly block would be "<code>const</code>" (like a <code>const fn</code> in the Rust sense), then LLVM could execute it once, cache the result, and replace other executions with the result</p>



<a name="178175654"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178175654" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178175654">(Oct 15 2019 at 09:35)</a>:</h4>
<p>or if you write a assembly block that has no inputs, no outputs, and no effects, LLVM could just remove it</p>



<a name="178177186"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178177186" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178177186">(Oct 15 2019 at 09:59)</a>:</h4>
<p>"volatile inline assembly" is a GCC-ism and a misleading name IMO. LLVM IR calls the flag <code>sideeffect</code>, a much more indicative name: the asm is doing <em>something</em> besides what's visible from the output specifiers, and of course correct optimizations must not duplicate or drop that side effect in any execution or reorder it with respect to other side effects. But unlike the <code>volatile</code> term it can't be interpreted as meaning "don't duplicate this snippet of assembly in the <code>--emit asm</code> output" (which is something some people want when e.g. inserting labels into the assembly for instrumentation or post-processing).</p>



<a name="178212210"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178212210" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178212210">(Oct 15 2019 at 16:52)</a>:</h4>
<p>(deleted)</p>



<a name="178212442"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178212442" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178212442">(Oct 15 2019 at 16:54)</a>:</h4>
<p>So my question is, and I think I've asked this before and gotten a vague answer: if a platform has no atomic instructions, how do atomic types work? Like old ARM has no atomics, can the compiler just fake it and use normal load/store as relaxed or something like that?</p>



<a name="178215868"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178215868" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178215868">(Oct 15 2019 at 17:35)</a>:</h4>
<p>This PR by <span class="user-mention" data-user-id="143274">@Amanieu</span> suggests that it can work indeed: <a href="https://github.com/rust-lang/rust/pull/65214" target="_blank" title="https://github.com/rust-lang/rust/pull/65214">https://github.com/rust-lang/rust/pull/65214</a></p>



<a name="178215984"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178215984" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178215984">(Oct 15 2019 at 17:36)</a>:</h4>
<p>Conceptually speaking, there is no reason why it shouldn't, since <code>Relaxed atomic load/store</code> basically translates into "global cache coherence on regular loads and stores" in hardware, and most CPUs actually guarantee this.</p>



<a name="178215999"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178215999" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178215999">(Oct 15 2019 at 17:36)</a>:</h4>
<p>(though as <span class="user-mention" data-user-id="132920">@gnzlbg</span> found out, GPUs don't)</p>



<a name="178216000"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216000" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216000">(Oct 15 2019 at 17:36)</a>:</h4>
<p><span class="user-mention" data-user-id="224471">@Lokathor</span> The <code>Atomic*</code> types are still available but they only provide <code>load</code> and <code>store</code>, not any of the other atomic operations.</p>



<a name="178216195"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216195" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216195">(Oct 15 2019 at 17:39)</a>:</h4>
<p>oh well that's fine then</p>



<a name="178216252"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216252" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216252">(Oct 15 2019 at 17:39)</a>:</h4>
<p><span class="user-mention" data-user-id="143274">@Amanieu</span> Out of curiosity, do we ever allow ourselves to not support all atomic orderings ?</p>



<a name="178216340"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216340" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216340">(Oct 15 2019 at 17:40)</a>:</h4>
<p>That could be convenient if we ever allowed ourselves to port to platforms without global cache coherence.</p>



<a name="178216355"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216355" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216355">(Oct 15 2019 at 17:40)</a>:</h4>
<p>No, all orderings must be supported.</p>



<a name="178216454"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216454" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216454">(Oct 15 2019 at 17:41)</a>:</h4>
<p>OK, then if I understand the <code>nvptx</code> weirdness correctly, we'll need to do something similar to what NVidia did in C++ and provide hardware-specific "scoped atomics" which only synchronize at a certain scale.</p>



<a name="178216469"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216469" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216469">(Oct 15 2019 at 17:41)</a>:</h4>
<p>If we ever want atomics on nvptx, that is.</p>



<a name="178216472"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216472" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216472">(Oct 15 2019 at 17:41)</a>:</h4>
<p>In practice this means that the architecture must support a simple memory barrier instruction (SeqCst fence) or be so simple (no OoO, caches, etc) that only a compiler fence is needed.</p>



<a name="178216545"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216545" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216545">(Oct 15 2019 at 17:42)</a>:</h4>
<p>I'll need to look into nvptx, but yea, this sounds like the kind of thing that you would put into std::arch</p>



<a name="178216609"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216609" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216609">(Oct 15 2019 at 17:43)</a>:</h4>
<p>To save you some search trouble, it seems that the relevant NVidia atomic header is not yet part of the published version of the CUDA toolkit, and only exists as fragments of slides in a C++ conference for now.</p>



<a name="178216666"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216666" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216666">(Oct 15 2019 at 17:44)</a>:</h4>
<p>I'm eagerly waiting for the matching release of NVidia tooling and docs to finally get a proper understanding of what GPU memory models actually look like. Seems they are quite a bit weirder than CPU memory models.</p>



<a name="178216812"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216812" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216812">(Oct 15 2019 at 17:45)</a>:</h4>
<p>I think it's simply a matter of scoping. Normal atomics work across the entire address space, while nvptx has faster atomics that only work within the current thread group or something similar.</p>



<a name="178216894"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216894" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216894">(Oct 15 2019 at 17:46)</a>:</h4>
<p>This is what I understood, but I would like to cross-check my understanding.</p>



<a name="178216912"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216912" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216912">(Oct 15 2019 at 17:46)</a>:</h4>
<p><span class="user-mention" data-user-id="143274">@Amanieu</span> ARM (at least the early versions) would fall under the "so simple" category</p>



<a name="178216933"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178216933" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178216933">(Oct 15 2019 at 17:46)</a>:</h4>
<p>Yes, anything pre-ARMv6 is basically single-core</p>



<a name="178217017"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178217017" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178217017">(Oct 15 2019 at 17:47)</a>:</h4>
<p>and even then, I think ARMv5/ARMv4 have memory barrier instructions, through CP15</p>



<a name="178217126"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178217126" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178217126">(Oct 15 2019 at 17:48)</a>:</h4>
<p>I don't recall seeing a memory barrier in ARMv4T, but i could have missed something</p>



<a name="178219501"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178219501" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178219501">(Oct 15 2019 at 18:15)</a>:</h4>
<blockquote>
<p>Amanieu 7:45 PM   <br>
I think it's simply a matter of scoping. Normal atomics work across the entire address space, while nvptx has faster atomics that only work within the current thread group or something similar.</p>
</blockquote>
<p>Well, this is a good way to see it I guess.</p>



<a name="178219542"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178219542" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178219542">(Oct 15 2019 at 18:15)</a>:</h4>
<p>The main issue is that normal atomics on such a target are so slow that nobody would use them.</p>



<a name="178222093"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178222093" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178222093">(Oct 15 2019 at 18:43)</a>:</h4>
<p>I think this schematic from AMD's GCN presentations best sums up how fsck'd up GPU cache hierarchies are <a href="https://mynameismjp.files.wordpress.com/2018/01/amd_caches.png" target="_blank" title="https://mynameismjp.files.wordpress.com/2018/01/amd_caches.png">https://mynameismjp.files.wordpress.com/2018/01/amd_caches.png</a> .</p>
<div class="message_inline_image"><a href="https://mynameismjp.files.wordpress.com/2018/01/amd_caches.png" target="_blank" title="https://mynameismjp.files.wordpress.com/2018/01/amd_caches.png"><img src="https://mynameismjp.files.wordpress.com/2018/01/amd_caches.png"></a></div>



<a name="178222151"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178222151" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178222151">(Oct 15 2019 at 18:43)</a>:</h4>
<p>(schematic also gives an overly simple view as texture L1 cache is also split per compute unit)</p>



<a name="178222284"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/178222284" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#178222284">(Oct 15 2019 at 18:44)</a>:</h4>
<p>(while other data and icache may be shared between multiple CUs, and of course flushes are manual... yeah, I'm really curious about how the NVidia folks managed to formalize that kind of craziness)</p>



<a name="179998930"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe%20access%20to%20volatile%20memory/near/179998930" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Safe.20access.20to.20volatile.20memory.html#179998930">(Nov 06 2019 at 02:57)</a>:</h4>
<blockquote>
<p><a href="https://github.com/asajeffrey/shared-data" target="_blank" title="https://github.com/asajeffrey/shared-data">https://github.com/asajeffrey/shared-data</a></p>
</blockquote>
<p>oh wow I entirely missed this link, would definitely have linked you to our crates earlier</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>